On 10/03/2011 03:01 AM, Trzewiczek Łukasz wrote:
Hi,
I have encountered the same problem with Mutual RSA +
XAUTH authentication. My client version is 2.1.7 and I use it
with ASA 5505 (soft ver.6.2) with mutual PSK authentication.
Cisco ASA is configured the same as in this tutorial:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
I also have Microsoft's CA. It works perfectly with Cisco VPN
Client but doesn't with Shrew. Has any of you used such dual
authentication with success? I have tried probably every option
in access manager and I don't know if there's any bug in access
manager or my configuration is wrong.
Logs from ASA are as follows:
Sep 29 09:06:22 hutmenasa %ASA-6-302015: Built inbound UDP
connection 250884 for outside:95.41.84.136/4500 (95.41.84.136/4500)
to identity:172.18.1.16/4500 (172.18.1.16/4500)
Sep 29 09:06:22 hutmenasa %ASA-6-713172: Group = Uzytkownicy,
IP = 95.41.84.136, Automatic NAT Detection Status: Remote end
is NOT behind a NAT device This end IS behind a NAT device
Sep 29 09:06:22 hutmenasa %ASA-6-717022: Certificate was
successfully validated. serial number: 626A0CC20004000000AD,
subject name: [email protected],
cn=<C5>\201ukasz Trzewiczek,ou=FI,ou=DG,ou=Hutmen,ou=Uzytkownicy,
dc=hutmen,dc=pl.
Sep 29 09:06:22 hutmenasa %ASA-6-717028: Certificate chain was
successfully validated with warning, revocation status was not
checked.
Sep 29 09:06:22 hutmenasa %ASA-5-713050: Group = Uzytkownicy,
IP = 95.41.84.136, Connection terminated for peer . Reason: Peer
Terminate Remote Proxy N/A, Local Proxy N/A
...
Any help will be appreciated.

Hi Lukas,
To me it looks like Shrew has terminated the connection, based on the
ASA reporting "Peer Terminate".
Can you produce a Shrew log using these instructions to see if it helps us:
http://www.shrew.net/support/wiki/BugReportVpnWindows
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help